Last updated January 28, 2014. Created on December 7, 2007.
Edited by erikwebb, LeeHunter, AjK, webchick. Log in to edit this page.

The PHP filter core module adds the ability to include PHP code in posts. PHP is a general-purpose scripting language widely-used for web development; the content management system used by this website has been developed using PHP.

Through the PHP filter, users with the proper permission may include custom PHP code within a page of the site. While this is a powerful and flexible feature if used by a trusted user with PHP experience, it is a significant and dangerous security risk in the hands of a malicious user. Even a trusted user may accidentally compromise the site by entering malformed or incorrect PHP code. Only the most trusted users should be granted permission to use the PHP filter, and all PHP code added through the PHP filter should be carefully examined before use.

In addition to security, performance can also be negatively impacting. Enabling the PHP filter prevents output from being cached by the filter or fields caches.

Some example PHP snippets are available, or you can create your own with some PHP experience and knowledge of the Drupal system.

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.